r r •• ; 4r',i , 

REF ID : A64377 



TOrflconiH f- 



Conprcedsea of CQMIHT Putt to Ineffective 
COMSEC 

Chief of Staff g/ASSt, Mr* Friedman 3 icnresiber $4 

THRU: PROD (Col. Mercy) 

COMSEC (Col. Herrelko) 

References* (a.) USCIBj 13.5/65, 81 October 19>4 

lb) IBJB/336/54, T October lS54/&ci. 1 of Ref. {a)7 
Co) OB #000273 /»ael* » of Ref. (*17 

(4) Part m of Sea SerUX 000407, 3 Sept 1354 /loci. 1 of Ref. (c]/ 
(e) HSG 168, 20 October 1953 

if) BOD Directives Coccuni cut ions Security (COMSEC), $4 Apr 1954 
(g) SBC ID Ho. 9 Revised, S4 October 1958 

1. Reference (a) cites once again the problem of ineffective communications 
security. Its iacloeurea recommend preventive and corrective actions. 

St. a. In Reference (c) the Director is quoted as saying* 

"■Error* in this category are ordinarily due to partial ignorance 
of the rules or insufficient training and experience la their application, and 
less frequently to inattention or carelessness. Additional training and 
experience, therefore, can be expected to result in a degree of technical 
competence that could virtually eliminate this type of error." 

Again the Director is quoted from Reference (e)s 

"... p rev ent ive and corrective action in the future should place 
increased and continued emphasis on specific guides and criteria for the train- 
ing and indoctrination of personnel, and on the basic responsibility of command 
to develop in subordinates a deep sense of personal responsibility for the 
maintenance of conwamlcatlon* security.'’ 

3. Consistent vith the Director’s indicated sentiments in the natter. 
Reference (d) cites additional action contemplated by KSA to Improve communi- 
cation* security in the CCMXlff elements under his operational and technical 
control. Basically these are* 

S. Issuance of detailed check lists for field use. 

h. Ijsssedlate Inspection of activities by the Officers in Charge or 
by Conraan&ing Officers, followed by similar inspections every six months, 
utilising the check list* of §. 

i$. Unofficial training Visit teams provided by KSA on a qualified- 
personnel-available basis for explanation end discussion of the check list and 
its use at the field stations. ("Request* for training visit* would be addressed 
to the Director, ISA, via the Head of the Service Cryptologic Agency concerned.”) 
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d. Tbs establishment of CC3WSSC training criteria for the guidance 
of CoiaoRnaing Officer® and Officers in Charge of OQMIHT activities* 

k, Bsfcrrlng to tba corresponding »Ub -paragraphs of paragraph $ above , the 
following coassents are offered? 

£. Expended, re-worked, and more inclusive check lists than those now 
in existence for field use is undoubtedly a fine idea. 33»e« check lists should 
bo reviewed on a continuing basis. 

An 01C of CCMSEC functions whose personal and continuing 90? 
does act include an almost daily inspection of check list procedures is not 
doing his Job* A once -secure procedure, whether governed by a check list or 
not, is not necessarily self -perpetuating — erven on a day-to-day basis. Sbi* 
recoraasndation contains no new force. Furthermore, if the OICs ever got the 
idea that inspections on a slx-nonth basis were sufficient, it could be damaging. 
If the purpose of this recotaaendation is only to get a six -month report cm COMSEC 
procedures from the field, then it has merit. 

£. The idea of getting qualified JSSA COMSEC people out to the field 
to explain and discuss is good, but this recoeoeadation is weak. It Is to be 
an unofficial program on a personnel-available basis, utilised on the request 
of the field activity! thus, it would constitute a hit-or-aiss proposition at 
best. 



d* Good. Toe training criteria should include sufficient cryptaaalytic 
knowledge to assure that COMSEC people are mtmecieusly aware that improperly 
used cryptosystems can be reed. 

5. ESA's mission is such, and the compromises of CQMIhT due to ineffective 
eooaaunl cations security are such that the serious dangers to CQHItrr security can 
be reduced or eliminated only by soon ESA actions beyond those which are already 
being taken by the respective Services, fhe idea that SSA actions would be 
superfluous in this situation is now a proven fallacy. It appears that ISA has 
little choice in the matter, be should and must assume a position of consistent, 
continuing, and sgressive leadership in the realm Of CCMSEC and especially a# 
regards the security of our CQKIWX oooraunicaticaui. Where the tools needed to 
accomplish the mission are i na dequ ate or lacking, they must be manufactured* 

This is especially true as far as training and inspection functions are concerned. 

6. In accordance with the foregoing, the following suggestion* are mode* 

a. Initiate action as soon as possible to have MSC 166 amended to 
Include CONSEC training as a directly stated ESA responsibility. 

b* Carry out the actions indicated in Reference (d) pertaining to the 
Issuance of detailed check lists and the establishment of CCWBEC training criteria. 

S* Send appropriate letters to the Services and the Cryptologic Agencies, 
encouraging them (particularly the Amy and the Air force) to make cryptosecurity 
the primary duty of the responsible officer rather than an additional duty as is 
too often the case. 








=©f^ 



4. Send appropriate letters to the Services and Cryptologic Agencies 
to encourage » rigorous and continual an- the -Job education of the operators 
end the responsible officers in the existence# availability end proper use of 
the A73AS3# JAHAPS, OI’s# etc.# end the Machines theasalva*. 

Recognita the fact that H3A has a world- vide, dual operational 
Mission by deliberately assigning a CCSCSC expert to each B3A. oversea* headquarters 
end charging hint vith the appropriate responsibilities so that be nay advise and 
instruct the responsible cryptoaecurity officers eu the specific nature end causes 
of violations and the nany tools and publications available to help prevent 
breaks if utilised properly, Shi* MSA ns could run a quarterly critique# based 
an the violations listed in the quarterly OOKSEC Violations Reports# and trace 
each break to the operator and machine concerned and give on-the-spot guidance 
on the proper use of the available tools to avoid the possibility of such breaks 
in the future* $Bk is already charged (Ref* f*) vith providing technical 
guidance and support for oorypteaecurity training conducted by the Military depart- 
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f« Cause a tactful study to be Made of the 10 functions of the 
Cryptologic Agencies to determine} 

(l) To shat extent they Include inspection and assistance 
ia the ispleaentation of the operational, and technical 
directives of KSA# and 

(a) Want steps need to be taken to develop a vs IX -directed, 
coordinated, and continuing 10 inspection and assistance 
system executed by the Cryptologic Agencies and guided 
by the ISA Inspector General to assure the iaplsaentation 
ef ell ISA’s operational and technical directives. 

g. Take the steps indicated as a result of f{2). 

/S a regard to inspection* of COKSEC activities, the pertinent DQD 
bireotive (Reference f) mv sorely states* *ltethiog in this directive shall 
be c<mstru*4 to give the board or any of its representative* the right to 
inspect the operation of CtWSEC in any Military deportsxmt without approval by 
the bead thereof /y 

7* Rome of the actions Mentioned above are undoubtedly being carried out in 
tone degree in ma place car another, however, I do not believe there is a deliberate# 
Will conceived# over -all effort vith a single no a* of purpose designed specifically 
to promote a vigorous and continual prograa of real leadership and follow-up action 
to rsduco the conpromisea of CGMUTT and ether classified Material attributable to 
ineffective e<usou»i cat ions -security Measures and actions* This is a Major part 
«f ISA's mission, stated explicitly or implied In the pertinent directives j ve 
should take vigorous action to carry out that part of our miss ion. 
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